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REMARKS 

Claims 1-3, 5-7 and 9-18 are pending. By this Amendment, claims 1, 3, 5-7, 9-15, 17 
and 18 are amended. Support for the amendments addressing the §101 rejections may be 
found on p. 17, lines 7-17, p. 18, lines 4-10 and p. 18, line 20 - p. 19, line 3, for example. 
Support for the remaining amendments may be found on p. 7, lines 1-5, p. 27, lines 2-12 and 
in Figs. 3 and 4, for example. Many of the claim amendments adopt suggestions in the Office 
Action to obviate claim objections, as discussed below. No new matter is added. 
Reconsideration of the application in view of the above amendments and the following 
remarks is respectfully requested. 

The Office Action objects to the specification and claims for various reasons. The 
claims are amended, obviating the objections. Withdrawal of the objections are respectfully 
requested. 

The Office Action rejects claims 1, 5-7, 10, 13, 15, 17 and 18 under 35 U.S.C. §112, 
first paragraph, regarding the recitation "independent of the authentication server." The 
claims are amended, obviating the rejection. 

Accordingly, withdrawal of the rejections under 35 U.S.C. §112, first paragraph, is 
respectfully requested. 

The Office Action rejects claims 12 and 18 under 35 U.S.C. §112, second paragraph, 
as allegedly being indefinite. The rejection is respectfully traversed. 

The test for compliance with §112, second paragraph, is whether one skilled in the art 
would understand the bounds of the claims when read in light of the specification. Miles 
Lab., Inc. v. Shandon Inc., 977 F.2d 870, 875, 27 USPQ2d 1 123, 1126 (Fed. Cir. 1993), cert 
denied, 510 U.S. 1 100 (1994). If the claims, read in the light of the specification, reasonably 
apprise those skilled in the art of the scope of the invention, Section 112 demands no more. 
See, also, In re Merat, 519 F.2d 1390, 1396, 186 USPQ 471, 476 (CCPA 1975). 
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Regarding claim 12, the Office Action asserts that "it is unclear and difficult to 
determine which 'server' or 'apparatus' performs which step." Claim 12 recites a method 
claim. There is no requirement, under 35 U.S.C. §112, that Applicant further specify which 
apparatuses perform which actions in a method claim. 

Regarding claim 18, the Office Action asserts that "it is unclear at which point the 
client apparatus received and stores, if ever, the first and second information generated by the 
connection server." Claim 18 does not further limit the timing at which point the client 
apparatus received the first and second information, beyond the language of the claim. 

Claims 12 and 18, when read in light of the specification, reasonably apprise those 
skilled in the art of the scope of the invention. Thus, claims 12 and 18 satisfy the requirement 
of §1 12, second paragraph. 

Accordingly, withdrawal of the rejections under 35 U.S.C. §112, second paragraph, is 
respectfully requested. 

The Office Action rejects claims 1, 3, 5-7 and 9-11 under 35 U.S.C. §101 as allegedly 
being directed to non- statutory subject matter. The amendments to these claims obviate the 
rejections. 

Accordingly, withdrawal of the rejections of claims 1, 3, 5-7 and 9-11 under 35 
U.S.C. §101 is requested. 

The Office Action rejects claims 5, 10 and 15 under 35 U.S.C. §103(a) over U.S. 
Patent No. 6,463,474 to Fuh; rejects claims 1-3, 6, 7, 9, 1 1-14, 16 & 17 under 35 U.S.C. 

§ 103(a) over U.S. Patent No. 7,350229 to Lander in view of Fuh, and rejects claim 18 under 
35 U.S.C. § 103(a) over Lander and Fuh in view of U.S. Patent Application Publication No. 
2003/0163691 to Johnson. The rejections are respectfully traversed. 

Claims 1, 3, 6, 7, 9, 12, 13 and 18 varyingly recite features such as the authentication 
server machine transmitting the connection server address to the client machine in an 
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authentication process before having ever received the connection server address from the 
client machine in the same authentication process, and the message not containing the address 
of the connection server machine. The combination of applied references would not have 
suggested these features for at least the following reasons. 

The applied references disclose systems in which a client already knows the address of 
the server it wishes to contact and requests contact with that server. To make this request, the 
client already knows the server's address and creates a connection request based on that 
address. For example, Fuh discloses, at col. 10, lines 10-24, that "each packet of an HTTP 
request includes a header portion that contains one or more fields [which] include . . . values 
for source IP address and destination IP address of that packet." Similarly, Fuh discloses that 
firewall router 210 receives an inbound packet from client 306 at external interface 420 that is 
intended for target server 222, and therefore would contain the destination server's address 
(col. 9, lines 45-47). 

Similarly, Lander discloses that "the central security process captures the request (step 
404) and determines whether the user is attempting to access a protected resource." Lander 
also discloses that its primary embodiment is directed to HTTP, in which a request to access a 
protected resource would contain the resource's address (e.g. URL) (col. 14, lines 16-27). 

In general, the applied references are directed to systems in which the client already 
knows the address of the server that the client wants to access, and is simply requesting 
authorization to access it. In contrast, this application discloses a system in which a client 
machine does not know the address of the connection server machine until the authentication 
server machine authenticates the client machine and sends the client machine the connection 
server machine's address: 

Thus, the user of the client cannot know the network address of 
the connection server until the user is authenticated in the 
authentication server, (p. 7, lines 1-3) 
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Herein, the connection command in the process S3 1 may 
include the network address of the connection server. In this 
case, it is not necessary to set the network address of the 
connection server 1 1 in the client 3 in advance. . . . Thereby, a 
user of a client cannot know the network address of the 
connection server until the authentication server authenticates. 

(p. 27, lines 2-12) 

In view of the above passages, the application supports the feature of an authentication 
server machine transmitting the connection server address to the client machine in an 
authentication process before having ever received the connection server address from the 
client machine in the same authentication process, as recited in claim 1. Claims 3, 6, 7, 9, 12, 
13 and 18 recite similar features. 

The applied references would not have rendered obvious the above-discussed feature, 
because they are directed to systems in which the user already knows the address of the target 
server, as explained above. In other words, the applied references do not disclose 
authentication servers that would first tell the client the address of the connection server 
before the client tells any authentication server the address of the connection server. 

Claims 5 and 1 0 recite, among other features, switching from a state in which 
authentication information is not allowed to be received from the client address to a state in 
which authentication information is allowed to be received from the client address. The 
applied references also would not have rendered obvious these features. 

The Office Action applies Fuh, at col. 7, lines 58-61, as disclosing the recited 
switching feature. This passage discloses that the firewall in Fuh switches from a state in 
which packets are not passed on down the network to a state in which the packets are passed 
on. Passing packets down the network is different that allowing packets to be received. For 
example, one can allow packets to be received without allowing them to be passed on. 
Therefore, the disclosure that the firewall in Fuh switches from a state in which packets are 
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not passed on, to a state in which they are passed on, would not further have disclosed 
switching to a state in which the packets are allowed to be received. Rather, Fuh appears to 
disclose that the firewall always allows the packets to be received by the firewall, and only 
bars them from being passed on if not authorized. Thus, the applied portion of Fuh does not 
disclose "switching from a state in which authentication information is not allowed to be 
received from the client address to a state in which authentication information is allowed to 
be received from the client address." 

Claims 1 1 recites calculating first authentication information unique to the client 
machine to register the first authentication information in the connection server machine. 
Claim 9 recites similar subject matter. The applied references also would not have rendered 
obvious these features. 

The Office Action concedes that Lander does not disclose the above-discussed 
features. The Office Action asserts that Fuh, at col. 3, lines 5-6, supplies the missing subject 
matter. The Office Action's assertion is incorrect. 

The applied passage only discloses that the network device stores client authorization 
information. The passage does not disclose that the information is unique to the client 
apparatus. Client authorization information is not necessarily, or impliedly, unique to a client 
apparatus: there may be multiple clients to a same apparatus or multiple apparatuses for a 
same client (see also the Remarks in the September 9, 2008 Amendment and p. 20, line 21 - 
p. 21, line 5 of the specification). Thus, the combination of applied references would not 
have rendered obvious the subject matter recited in claims 9 and 11. 

Johnson is not applied in any manner that would overcome the above-identified 
shortfalls in the application of Lander and Fuh to the subject matter of the independent 
claims. 
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In view of the above, the combinations of applied references would not have rendered 
obvious the combinations of features recited in claims 1, 3, 5-8, 10-13 and 18. Thus, the 
combinations of applied references would not have rendered obvious the combinations of 
features recited in claims 2 and 14-17 for at least the respective dependence of these claims 
on an allowable base claim, as well as for the separately patentable subject matter that each of 
these claims recites. 

Accordingly, withdrawal of the rejections of the pending claims under 35 U.S.C. 

§ 103(a) is respectfully requested. 

In view of the foregoing, it is respectfully submitted that this application is in 
condition for allowance. Favorable reconsideration and prompt allowance of claims 1-3, 5-7 
and 9-18 are earnestly solicited. 
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Should the Examiner believe that anything further would be desirable in order to place 
this application in even better condition for allowance, the Examiner is invited to contact the 
undersigned at the telephone number set forth below. 


JAO:KTW/acd 

Date: March 9, 2009 

Oliff & Berridge, plc 
P.O. Box 320850 
Alexandria, Virginia 22320-4850 
Telephone: (703) 836-6400 


Respectfully submitted, 

f/lA/Jl 

James A. Oliff / 
Registration No. 27,075 

Kipman T. Werking 
Registration No. 60,187 
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